summaryrefslogtreecommitdiffstats
path: root/roles/common/templates
Commit message (Expand)AuthorAgeFiles
* typofixGuilhem Moulin2020-05-161
* Upgrade baseline to Debian 10.Guilhem Moulin2020-05-166
* /etc/apt/sources.list: Use https:// URIs.Guilhem Moulin2020-01-251
* Improve/harden fail2ban configuration.Guilhem Moulin2020-01-251
* Convert firewall to nftables.Guilhem Moulin2020-01-234
* Postfix: disable DNS lookups on the internal SMTPds.Guilhem Moulin2020-01-231
* tr/-/_/ in group names.Guilhem Moulin2020-01-223
* MSA: Open 465/TCP for Email Submission over TLS.Guilhem Moulin2019-03-193
* submission: Prospective SPF checking.Guilhem Moulin2018-12-122
* IPsec: use Suite-B-GCM-256 algorithms for IKEv2 & ESP.Guilhem Moulin2018-12-091
* MSA verification probes: enable opportunistic encryption.Guilhem Moulin2018-12-091
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-092
* Firewall: disable outgoing access to git:// remote servers.Guilhem Moulin2018-12-091
* ntp.conf: reduce delta with the packaged version.Guilhem Moulin2018-12-091
* MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.Guilhem Moulin2018-12-091
* postfix: remove explicit default 'mail_owner = postfix'.Guilhem Moulin2018-12-061
* postfix ≥3.0: don't advertise SMTPUTF8 support.Guilhem Moulin2018-12-061
* Install unbound on metal hosts.Guilhem Moulin2018-12-031
* Define new host "calima" serving Nextcloud.Guilhem Moulin2018-12-031
* Postfix: replace cdb & btree tables with lmdb ones.Guilhem Moulin2018-12-031
* IPsec: allow ISAKMP over IPv6.Guilhem Moulin2018-12-031
* Upgrade baseline to Debian Stretch.Guilhem Moulin2018-12-035
* Postfix: replace 'fifo' types with 'unix', as it's the new default.Guilhem Moulin2018-04-041
* Firewall: Allow DNS queries over TCP.Guilhem Moulin2018-04-041
* APT: use deb.debian.org as archive source.Guilhem Moulin2018-04-041
* Perform recipient address verification on the MSA itself.Guilhem Moulin2018-04-041
* Upgrade syntax to Ansible 2.5.Guilhem Moulin2018-04-042
* Fix detection of KVM guests.Guilhem Moulin2017-07-292
* Don't install debsecan anymore by default.Guilhem Moulin2017-06-261
* Webmail: don't allow outgoing TCP/993 connections.Guilhem Moulin2017-06-151
* postfix: enable XFORWARD command from our internal relays.Guilhem Moulin2017-06-021
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-021
* Don't let authenticated client use arbitrary sender addresses.Guilhem Moulin2017-06-011
* Also install non-free firmwares on civett.Guilhem Moulin2017-05-302
* Fix Ansible 2.2.0 compatibility of a Jinja2 template.Guilhem Moulin2017-01-141
* postfix: Remove obsolete templates tls_policy/relay_clientcerts.Guilhem Moulin2016-07-121
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-103
* Postfix: avoid hardcoding the instance names.Guilhem Moulin2016-07-101
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-101
* Localize the NTP pool hostnames.Guilhem Moulin2016-07-091
* Localize the debian archive hostnames.Guilhem Moulin2016-07-091
* ClamAV (FreshClam): use a localized Database Mirror.Guilhem Moulin2016-07-091
* IPSec → IPsecGuilhem Moulin2016-06-292
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-241
* Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.Guilhem Moulin2016-05-223
* Tunnel munin-update traffic through IPSec.Guilhem Moulin2016-05-223
* Tunnel internal NTP traffic through IPSec.Guilhem Moulin2016-05-222
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-225
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-181
* postfix: disable weak ciphers for the 'encrypt' TLS security level.Guilhem Moulin2016-05-181